Keeper’s Guide to Supply Chain Cyberattacks
Supply chain attacks are often overlooked cyberattacks, but they can cause catastrophic damage given enough time. Supply chain attacks target vendors and suppliers instead of directly targeting a specific business, making them more difficult to detect and prevent if your vendors aren’t maintaining strict cybersecurity policies and using the best tools.
In this guide, we’ll look closer at what a supply chain attack is, how to detect it, and how to prevent your business from becoming the next victim of a supply chain cyberattack.
A supply chain attack (also known as a third-party attack, value-chain attack or backdoor breach) is when an attacker accesses a business’s network via its third-party vendors or suppliers, that is, through the supply chain. Supply chains can be massive in scope and complex in their relationships, which is why some attacks are so difficult to trace.
Many businesses work with dozens of suppliers for everything from ingredients or production materials to outsourced work and technology. This is why it’s so important to protect the supply chain and ensure the companies you’re working with are as committed to that protection as you are.
Supply chain attacks work by delivering viruses or other malicious software via a supplier or vendor. For example, a keylogger placed on a USB drive can make its way into a large retail company, where it logs keystrokes to capture the passwords to specific accounts. Cybercriminals can then gain access to sensitive company information, customer records, payment information and more.
A software supply chain attack only requires one compromised application or piece of software to deliver malware across the entire supply chain. Attacks will often target an application’s source code, delivering malicious code into a trusted app or software system.
Attackers often target software or application updates as entry points. The problem with software supply chain attacks is that they’re so difficult to trace, with cybercriminals often using stolen certificates to “sign” the code to make it look legitimate.
Hardware attacks depend on physical devices, much like the USB keylogger we mentioned earlier. Attackers will target a device that makes its way through the entire supply chain to maximize its reach and damage.
Inserting malware into a computer’s boot code is an attack that only takes a second to unfold. Once the computer boots up, the malware is executed, jeopardizing the entire system. Firmware attacks are quick, often undetectable if you’re not looking for them, and incredibly damaging.
Detecting a supply chain attack quickly is the key to ensuring the damage isn’t irreversible. By using modern tools, you can detect all kinds of supply chain attacks from firmware to software and beyond. Here’s what you need:
Mitigating software supply chain attacks requires a few great tools. Here are some options:
The SITA data breach is estimated to have exposed more than 580,000 records from Malaysia Airlines’ Frequent Flyer program. Finnair, Air New Zealand, and others also reported breaches, exposing hundreds of thousands of records on customers across each airline. Singapore Airlines shared data with a company called Star Alliance, which is where the attack is believed to have originated. From there, it spread across the entire supply chain.
In perhaps one of the largest data breaches ever, the IT company SolarWinds was the victim of a supply-chain malware attack delivered through the company’s own servers during a software update. This attack affected the US Treasury Department, the US Department of Defense, and many others.
A supply-chain attack was recently announced by ClickStudios, the Australia-based creators of Passwordstate. According to reports, an attacker gained access to Passwordstate’s update server, which is hosted on a third-party CDN. Any customer who updated their software during that time period likely downloaded the malicious DLL.
The malicious software was able to decrypt all of the stored data in the customer’s SQL database using encryption keys hosted on the web server’s filesystem. Since Passwordstate software does not use client-side encryption, the attacker was able to decrypt the entire database and exfiltrate the plaintext data to the attacker’s server.
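The difference between the two key-handling models described above can be shown in a few lines of Node.js. This is an added example, not code from Keeper or Click Studios; the function names, the in-memory "host" object and the sample secret are hypothetical, and AES-256-GCM with scrypt is chosen here for illustration rather than taken from either product.

```javascript
// Added illustration: every name and the sample secret are constructed.
const crypto = require('crypto');

function encrypt(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

function decrypt(key, rec) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, rec.iv);
  d.setAuthTag(rec.tag); // final() throws if the key or data is wrong
  return Buffer.concat([d.update(rec.ct), d.final()]).toString('utf8');
}

// Model A: server-side encryption. The key is stored on the web server's
// filesystem, next to the database it protects.
function serverSideVault(secret) {
  const key = crypto.randomBytes(32);
  return { filesystem: { keyFile: key }, database: [encrypt(key, secret)] };
}

// Model B: client-side encryption. The key is derived from the user's master
// password on the client; the server only ever stores salt and ciphertext.
function clientSideVault(masterPassword, secret) {
  const salt = crypto.randomBytes(16);
  const key = crypto.scryptSync(masterPassword, salt, 32);
  return { filesystem: {}, database: [{ salt, ...encrypt(key, secret) }] };
}

// What code running on the server (for example a tampered update) can
// recover using only material the host itself holds.
function recoverableOnServer(host) {
  const key = host.filesystem.keyFile;
  if (!key) return []; // no key on the host: ciphertext stays opaque
  return host.database.map((rec) => decrypt(key, rec));
}

// The legitimate client re-derives the key from the master password.
function clientUnlock(host, masterPassword) {
  return host.database.map((rec) =>
    decrypt(crypto.scryptSync(masterPassword, rec.salt, 32), rec));
}
```

Client-side encryption limits what server-side code can read; it does not protect a client whose own software has been tampered with.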